Name		Name	Last commit message	Last commit date
parent directory ..
116ea16dbeabe08d1fe8891a27d0f16b		116ea16dbeabe08d1fe8891a27d0f16b
1.png		1.png
116ea16dbeabe08d1fe8891a27d0f16b.zip		116ea16dbeabe08d1fe8891a27d0f16b.zip
2-1.png		2-1.png
2-2.png		2-2.png
2-3.png		2-3.png
3-1.png		3-1.png
3-2.png		3-2.png
4.png		4.png
README.md		README.md
get_flag.py		get_flag.py
simple_machine		simple_machine
simple_machine.i64		simple_machine.i64
target		target

README.md

SimpleMachine

Challenge : SimpleMachine

Description :
(fixed-point challenge)

Classic Check Flag Challenge Machine

DOWNLOAD :
http://ctf.codegate.org/099ef54feeff0c4e7c2e4c7dfd7deb6e/116ea16dbeabe08d1fe8891a27d0f16b

point : 333

Summary

Reverse Engineering.
The basic of code virtualization technique.

Tools

HxD
IDA 7.0
gdb-peda

Description

Notice that simple_machine is ELF file and target is data.
Open simple_machine with IDA 7.0, analyze, and generate some pseudo-codes.
- - pseudo-code of main function.
  - Usage: ./simple_machine target
  - There is a limitation to the length of target.
  - It uses code virtualization technique.
  - We can assume that target is a kind of virtualized code script.
- - pseudo-code of vm_func function.
  - There is a control function.
- - pseudo-code of control_func function.
  - Fetch and decode operations from target.
Based on control_func function, set breakpoint on and debug it.
- - Run gdb-peda ./simple_machine and b *0x80017ca(Entry point of control_func).
  - Debug and understand how the program works.
- - First operation is getting input from stdin.
  - 6 ADD-CHECK chain operations are checking if first 12 characters of input are CODEGATE2020.
  - Next 32 operations are generating 12 hashes, calculating XOR with input, and checking if is zero.
  - if all check is passed, print GOOD! to stdout.
  - Last operation is just exiting the program.
Write and execute python script to get flag.
- get_flag.py
CODEGATE2020{ezpz_but_1t_1s_pr3t3xt}